Electronic Voting: The 2004 Election and

Beyond

Prof. David L. DillDepartment of Computer Science

Stanford Universityhttp://www.verifiedvoting.org

Role of Elections

Democracy depends on everyone, especially the losers, accepting the results of elections.

“The people have spoken . . . the bastards!” - Dick Tuck concession speech

Levels of Accountability

We often have to trust people, but we rarely trust them without accountability.

Levels of accountability– Can we detect error? – Can we correct it?

Simple error detection is the most condition for trustworthiness.

The DRE Auditing Gap

Screen touches

Recordedvotes

DRE System

?President

Joe BlowPresident

Fred Derf

Any accidental or deliberate flaw in recording mechanism can compromise the election.. . . Undetectably!

Voting is Especially Hard

Unlike almost every other secure system, voting must discard vital information: the connection between the voter and the vote.

Summary of Technical Barriers

It is currently (practically) impossible to create trustworthy DREs because:

• We cannot eliminate program bugs.• We cannot prevent software and

hardware from being subverted (especially by the designers).

• We cannot verify that the desired software is running on the computer.

“We’ve never had a proven case of vote fraud on DREs”

• Votes have definitely been lost due to bugs (Wake County, NC, 2002).

• Fraud has never been investigated.• Candidates don’t bother asking for recounts

They just get “reprints”

• Danger and motivation increases with number of DREs (twice as many votes this election than 2002).

• Applications with much more security and lower stakes have had sophisticated fraud (e.g., gambling).

Voter Verifiable Audit Trail

• Voter must be able to verify the permanent record of his or her vote (i.e., ballot).

• Ballot is deposited in a secure ballot box.– Voter can’t keep it because of

possible vote selling.• Under normal conditions, paper ballots

should be considered more reliable than electronic records.

This closes the auditing gap.

Options for Voter Verifiable Audit Trails

• Manual ballots with manual counts.• Optically scanned paper ballots.

– Precinct-based optical scan ballots have low voter error rates.

• Touch screen machines with voter verifiable printers.

• Other possibilities (unproven! ).– Other media than paper?– Cryptographic schemes?

For now, paper is the only proven option.

November, 2004

We’ve done what we can to get paper. In the short term, we’re focusing on other initiatives.

• TechWatch– Computer-literate volunteers to observe election.– They will observe & document pre-election testing.– They will observe election (often as poll workers) &

vote counting

• Election Scorecard– Questions about basic “best practices” related to

election security– Working with Brennan Center, Leadership

Conference on Civil Rights, Center for American Progress, others.

Election Incident Reporting System

• Online capture of election incident reports.• The Verified Voting Foundation is partnered

with CPSR for SW development.• Reports will be entered by Election Protection

Coalition (60+ member organizations).• Hotline 1-866-OUR-VOTE

– Anyone else can enter a report as well

• Goals– Deal with incidents in real-time, when possible– Collect knowledge on how elections really work.

The Big Risk

All elections conducted on DREs are open to question.

www.verifiedvoting.org

More information is available at our website.